[0/8] crypto: test the !may_use_simd() fallback code

Message ID 20190313051252.2917-1-ebiggers@kernel.org (mailing list archive)

Message

Eric Biggers March 13, 2019, 5:12 a.m. UTC
All crypto API algorithms are supposed to support the case where they
are called in a context where SIMD instructions are unusable, e.g. IRQ
context on some architectures.  However, this isn't tested for by the
self-tests, causing bugs to go undetected.

This patch series therefore updates the self-tests to test the no-SIMD
code.  It works by converting all may_use_simd() checks to a new macro
crypto_simd_usable(), which also returns false when the self-tests have
disabled SIMD in crypto algorithms on the current CPU for test purposes.

For now, all no-SIMD testing is limited to the extra crypto self-tests,
because it might be a bit too invasive for the regular self-tests.
But this could be changed later.

This already found bugs in the arm64 implementations of AES-GCM and
ChaCha.  These are fixed by the first two patches.  Following this, the
tests pass on x86, arm, and arm64.

This patch series is based on top of my other pending patch series
"crypto: add SIMD helpers for AEADs".  It can also be found in git at:

    URL:     https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
    Branch:  crypto-nosimd-tests

Eric Biggers (8):
  crypto: chacha-generic - fix use as arm64 no-NEON fallback
  crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
  crypto: simd,testmgr - introduce crypto_simd_usable()
  crypto: x86 - convert to use crypto_simd_usable()
  crypto: arm - convert to use crypto_simd_usable()
  crypto: arm64 - convert to use crypto_simd_usable()
  crypto: simd - convert to use crypto_simd_usable()
  crypto: testmgr - test the !may_use_simd() fallback code

 arch/arm/crypto/chacha-neon-glue.c         |   5 +-
 arch/arm/crypto/crc32-ce-glue.c            |   5 +-
 arch/arm/crypto/crct10dif-ce-glue.c        |   3 +-
 arch/arm/crypto/ghash-ce-glue.c            |   7 +-
 arch/arm/crypto/nhpoly1305-neon-glue.c     |   3 +-
 arch/arm/crypto/sha1-ce-glue.c             |   5 +-
 arch/arm/crypto/sha1_neon_glue.c           |   5 +-
 arch/arm/crypto/sha2-ce-glue.c             |   5 +-
 arch/arm/crypto/sha256_neon_glue.c         |   5 +-
 arch/arm/crypto/sha512-neon-glue.c         |   5 +-
 arch/arm64/crypto/aes-ce-ccm-glue.c        |   7 +-
 arch/arm64/crypto/aes-ce-glue.c            |   5 +-
 arch/arm64/crypto/aes-glue.c               |   4 +-
 arch/arm64/crypto/aes-neonbs-glue.c        |   2 +-
 arch/arm64/crypto/chacha-neon-glue.c       |   5 +-
 arch/arm64/crypto/crct10dif-ce-glue.c      |   5 +-
 arch/arm64/crypto/ghash-ce-glue.c          |  17 ++-
 arch/arm64/crypto/nhpoly1305-neon-glue.c   |   3 +-
 arch/arm64/crypto/sha1-ce-glue.c           |   7 +-
 arch/arm64/crypto/sha2-ce-glue.c           |   7 +-
 arch/arm64/crypto/sha256-glue.c            |   5 +-
 arch/arm64/crypto/sha3-ce-glue.c           |   5 +-
 arch/arm64/crypto/sha512-ce-glue.c         |   7 +-
 arch/arm64/crypto/sm3-ce-glue.c            |   7 +-
 arch/arm64/crypto/sm4-ce-glue.c            |   5 +-
 arch/x86/crypto/aesni-intel_glue.c         |   8 +-
 arch/x86/crypto/chacha_glue.c              |   6 +-
 arch/x86/crypto/crc32-pclmul_glue.c        |   5 +-
 arch/x86/crypto/crc32c-intel_glue.c        |   7 +-
 arch/x86/crypto/crct10dif-pclmul_glue.c    |   7 +-
 arch/x86/crypto/ghash-clmulni-intel_glue.c |   9 +-
 arch/x86/crypto/nhpoly1305-avx2-glue.c     |   5 +-
 arch/x86/crypto/nhpoly1305-sse2-glue.c     |   5 +-
 arch/x86/crypto/poly1305_glue.c            |   4 +-
 arch/x86/crypto/sha1_ssse3_glue.c          |   7 +-
 arch/x86/crypto/sha256_ssse3_glue.c        |   7 +-
 arch/x86/crypto/sha512_ssse3_glue.c        |  10 +-
 crypto/chacha_generic.c                    |   2 +-
 crypto/simd.c                              |   8 +-
 crypto/testmgr.c                           | 142 +++++++++++++++++----
 include/crypto/internal/simd.h             |  24 ++++
 41 files changed, 272 insertions(+), 123 deletions(-)
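
A user-space model of the mechanism the cover letter describes, added here as an illustration and not code from the patch series. Only may_use_simd() and crypto_simd_usable() are names from the thread; the toy_* functions, the flags, the test vector and the planted fallback defect are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

static bool in_irq_ctx;              /* models a context where SIMD is unusable */
static bool simd_disabled_for_test;  /* set only by the self-test */
static bool fallback_has_bug;        /* plants a constructed fallback defect */
static bool may_use_simd(void) { return !in_irq_ctx; }  /* user-space stand-in */
#define crypto_simd_usable() (may_use_simd() && !simd_disabled_for_test)

/* Toy transform, not a real cipher: dst[i] = src[i] ^ (key + i). */
static void toy_crypt_simd(uint8_t *dst, const uint8_t *src, size_t n, uint8_t key)
{
	for (size_t i = 0; i < n; i++)
		dst[i] = src[i] ^ (uint8_t)(key + i);
}

/* Fallback path; the planted defect skips the trailing partial 8-byte block. */
static void toy_crypt_generic(uint8_t *dst, const uint8_t *src, size_t n, uint8_t key)
{
	size_t end = fallback_has_bug ? (n & ~(size_t)7) : n;
	for (size_t i = 0; i < n; i++)
		dst[i] = i < end ? src[i] ^ (uint8_t)(key + i) : src[i];
}

static void toy_crypt(uint8_t *dst, const uint8_t *src, size_t n, uint8_t key)
{
	if (crypto_simd_usable())   /* path chosen per call, as glue code does */
		toy_crypt_simd(dst, src, n, key);
	else
		toy_crypt_generic(dst, src, n, key);
}

static const uint8_t pt[11] = { 0 };  /* constructed vector, key 0x10 */
static const uint8_t ct[11] = { 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 };
/* Returns 0 on pass, -1 if the normal pass fails, -2 if the no-SIMD pass fails. */
static int toy_selftest(void)
{
	uint8_t out[sizeof(pt)];
	toy_crypt(out, pt, sizeof(pt), 0x10);
	if (memcmp(out, ct, sizeof(ct)))
		return -1;
	simd_disabled_for_test = true;   /* second pass forces the fallback */
	toy_crypt(out, pt, sizeof(pt), 0x10);
	simd_disabled_for_test = false;
	return memcmp(out, ct, sizeof(ct)) ? -2 : 0;
}
int main(void) { return toy_selftest() ? 1 : 0; }
```

With fallback_has_bug set, the first pass still succeeds and only the forced no-SIMD pass reports the mismatch, which is the gap in coverage the series closes.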

Comments

Ard Biesheuvel March 13, 2019, 10:50 a.m. UTC | #1
On Wed, 13 Mar 2019 at 06:15, Eric Biggers <ebiggers@kernel.org> wrote:
>
> All crypto API algorithms are supposed to support the case where they
> are called in a context where SIMD instructions are unusable, e.g. IRQ
> context on some architectures.  However, this isn't tested for by the
> self-tests, causing bugs to go undetected.
>
> This patch series therefore updates the self-tests to test the no-SIMD
> code.  It works by converting all may_use_simd() checks to a new macro
> crypto_simd_usable(), which also returns false when the self-tests have
> disabled SIMD in crypto algorithms on the current CPU for test purposes.
>
> For now, all no-SIMD testing is limited to the extra crypto self-tests,
> because it might be a bit too invasive for the regular self-tests.
> But this could be changed later.
>
> This already found bugs in the arm64 implementations of AES-GCM and
> ChaCha.  These are fixed by the first two patches.  Following this, the
> tests pass on x86, arm, and arm64.
>

Thanks a lot for doing this, Eric.

I pushed your branch to kernelci again; let's see if anything else
falls out (although not as likely, given that this shouldn't affect
h/w accelerators).

> This patch series is based on top of my other pending patch series
> "crypto: add SIMD helpers for AEADs".  It can also be found in git at:
>
>     URL:     https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
>     Branch:  crypto-nosimd-tests
>
> Eric Biggers (8):
>   crypto: chacha-generic - fix use as arm64 no-NEON fallback
>   crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
>   crypto: simd,testmgr - introduce crypto_simd_usable()
>   crypto: x86 - convert to use crypto_simd_usable()
>   crypto: arm - convert to use crypto_simd_usable()
>   crypto: arm64 - convert to use crypto_simd_usable()
>   crypto: simd - convert to use crypto_simd_usable()
>   crypto: testmgr - test the !may_use_simd() fallback code
>
>  arch/arm/crypto/chacha-neon-glue.c         |   5 +-
>  arch/arm/crypto/crc32-ce-glue.c            |   5 +-
>  arch/arm/crypto/crct10dif-ce-glue.c        |   3 +-
>  arch/arm/crypto/ghash-ce-glue.c            |   7 +-
>  arch/arm/crypto/nhpoly1305-neon-glue.c     |   3 +-
>  arch/arm/crypto/sha1-ce-glue.c             |   5 +-
>  arch/arm/crypto/sha1_neon_glue.c           |   5 +-
>  arch/arm/crypto/sha2-ce-glue.c             |   5 +-
>  arch/arm/crypto/sha256_neon_glue.c         |   5 +-
>  arch/arm/crypto/sha512-neon-glue.c         |   5 +-
>  arch/arm64/crypto/aes-ce-ccm-glue.c        |   7 +-
>  arch/arm64/crypto/aes-ce-glue.c            |   5 +-
>  arch/arm64/crypto/aes-glue.c               |   4 +-
>  arch/arm64/crypto/aes-neonbs-glue.c        |   2 +-
>  arch/arm64/crypto/chacha-neon-glue.c       |   5 +-
>  arch/arm64/crypto/crct10dif-ce-glue.c      |   5 +-
>  arch/arm64/crypto/ghash-ce-glue.c          |  17 ++-
>  arch/arm64/crypto/nhpoly1305-neon-glue.c   |   3 +-
>  arch/arm64/crypto/sha1-ce-glue.c           |   7 +-
>  arch/arm64/crypto/sha2-ce-glue.c           |   7 +-
>  arch/arm64/crypto/sha256-glue.c            |   5 +-
>  arch/arm64/crypto/sha3-ce-glue.c           |   5 +-
>  arch/arm64/crypto/sha512-ce-glue.c         |   7 +-
>  arch/arm64/crypto/sm3-ce-glue.c            |   7 +-
>  arch/arm64/crypto/sm4-ce-glue.c            |   5 +-
>  arch/x86/crypto/aesni-intel_glue.c         |   8 +-
>  arch/x86/crypto/chacha_glue.c              |   6 +-
>  arch/x86/crypto/crc32-pclmul_glue.c        |   5 +-
>  arch/x86/crypto/crc32c-intel_glue.c        |   7 +-
>  arch/x86/crypto/crct10dif-pclmul_glue.c    |   7 +-
>  arch/x86/crypto/ghash-clmulni-intel_glue.c |   9 +-
>  arch/x86/crypto/nhpoly1305-avx2-glue.c     |   5 +-
>  arch/x86/crypto/nhpoly1305-sse2-glue.c     |   5 +-
>  arch/x86/crypto/poly1305_glue.c            |   4 +-
>  arch/x86/crypto/sha1_ssse3_glue.c          |   7 +-
>  arch/x86/crypto/sha256_ssse3_glue.c        |   7 +-
>  arch/x86/crypto/sha512_ssse3_glue.c        |  10 +-
>  crypto/chacha_generic.c                    |   2 +-
>  crypto/simd.c                              |   8 +-
>  crypto/testmgr.c                           | 142 +++++++++++++++++----
>  include/crypto/internal/simd.h             |  24 ++++
>  41 files changed, 272 insertions(+), 123 deletions(-)
>
> --
> 2.21.0
>

Herbert Xu March 22, 2019, 1:03 p.m. UTC | #2
On Tue, Mar 12, 2019 at 10:12:44PM -0700, Eric Biggers wrote:
> All crypto API algorithms are supposed to support the case where they
> are called in a context where SIMD instructions are unusable, e.g. IRQ
> context on some architectures.  However, this isn't tested for by the
> self-tests, causing bugs to go undetected.
> 
> This patch series therefore updates the self-tests to test the no-SIMD
> code.  It works by converting all may_use_simd() checks to a new macro
> crypto_simd_usable(), which also returns false when the self-tests have
> disabled SIMD in crypto algorithms on the current CPU for test purposes.
> 
> For now, all no-SIMD testing is limited to the extra crypto self-tests,
> because it might be a bit too invasive for the regular self-tests.
> But this could be changed later.
> 
> This already found bugs in the arm64 implementations of AES-GCM and
> ChaCha.  These are fixed by the first two patches.  Following this, the
> tests pass on x86, arm, and arm64.
> 
> This patch series is based on top of my other pending patch series
> "crypto: add SIMD helpers for AEADs".  It can also be found in git at:
> 
>     URL:     https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
>     Branch:  crypto-nosimd-tests
> 
> Eric Biggers (8):
>   crypto: chacha-generic - fix use as arm64 no-NEON fallback
>   crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
>   crypto: simd,testmgr - introduce crypto_simd_usable()
>   crypto: x86 - convert to use crypto_simd_usable()
>   crypto: arm - convert to use crypto_simd_usable()
>   crypto: arm64 - convert to use crypto_simd_usable()
>   crypto: simd - convert to use crypto_simd_usable()
>   crypto: testmgr - test the !may_use_simd() fallback code
> 
>  arch/arm/crypto/chacha-neon-glue.c         |   5 +-
>  arch/arm/crypto/crc32-ce-glue.c            |   5 +-
>  arch/arm/crypto/crct10dif-ce-glue.c        |   3 +-
>  arch/arm/crypto/ghash-ce-glue.c            |   7 +-
>  arch/arm/crypto/nhpoly1305-neon-glue.c     |   3 +-
>  arch/arm/crypto/sha1-ce-glue.c             |   5 +-
>  arch/arm/crypto/sha1_neon_glue.c           |   5 +-
>  arch/arm/crypto/sha2-ce-glue.c             |   5 +-
>  arch/arm/crypto/sha256_neon_glue.c         |   5 +-
>  arch/arm/crypto/sha512-neon-glue.c         |   5 +-
>  arch/arm64/crypto/aes-ce-ccm-glue.c        |   7 +-
>  arch/arm64/crypto/aes-ce-glue.c            |   5 +-
>  arch/arm64/crypto/aes-glue.c               |   4 +-
>  arch/arm64/crypto/aes-neonbs-glue.c        |   2 +-
>  arch/arm64/crypto/chacha-neon-glue.c       |   5 +-
>  arch/arm64/crypto/crct10dif-ce-glue.c      |   5 +-
>  arch/arm64/crypto/ghash-ce-glue.c          |  17 ++-
>  arch/arm64/crypto/nhpoly1305-neon-glue.c   |   3 +-
>  arch/arm64/crypto/sha1-ce-glue.c           |   7 +-
>  arch/arm64/crypto/sha2-ce-glue.c           |   7 +-
>  arch/arm64/crypto/sha256-glue.c            |   5 +-
>  arch/arm64/crypto/sha3-ce-glue.c           |   5 +-
>  arch/arm64/crypto/sha512-ce-glue.c         |   7 +-
>  arch/arm64/crypto/sm3-ce-glue.c            |   7 +-
>  arch/arm64/crypto/sm4-ce-glue.c            |   5 +-
>  arch/x86/crypto/aesni-intel_glue.c         |   8 +-
>  arch/x86/crypto/chacha_glue.c              |   6 +-
>  arch/x86/crypto/crc32-pclmul_glue.c        |   5 +-
>  arch/x86/crypto/crc32c-intel_glue.c        |   7 +-
>  arch/x86/crypto/crct10dif-pclmul_glue.c    |   7 +-
>  arch/x86/crypto/ghash-clmulni-intel_glue.c |   9 +-
>  arch/x86/crypto/nhpoly1305-avx2-glue.c     |   5 +-
>  arch/x86/crypto/nhpoly1305-sse2-glue.c     |   5 +-
>  arch/x86/crypto/poly1305_glue.c            |   4 +-
>  arch/x86/crypto/sha1_ssse3_glue.c          |   7 +-
>  arch/x86/crypto/sha256_ssse3_glue.c        |   7 +-
>  arch/x86/crypto/sha512_ssse3_glue.c        |  10 +-
>  crypto/chacha_generic.c                    |   2 +-
>  crypto/simd.c                              |   8 +-
>  crypto/testmgr.c                           | 142 +++++++++++++++++----
>  include/crypto/internal/simd.h             |  24 ++++
>  41 files changed, 272 insertions(+), 123 deletions(-)

All applied.  Thanks.